Exactly, you ask the smartcard to decrypt your traffic (and sign data if needed), it never tells you the key, it's a blackbox - it gets plaintext input and gives you encrypted (or signed) output, without ever revealing the key it's used. It can also generate the key internally (actually a keypair, it stores the private key in secure memory (protected from software _and_ hardware attacks)) and gives you the public key so that you can publish it.

Remember, smartcards are not just storage, they are tamper resistant embedded computers. Very limited computers, true, but very good at keeping secret keys secret, both from a software attack and from a hardware (drop the card in acid, use a logic analyzer kind of) attack.

Razvan

Razvan Dragomirescu

Chief Technology Officer

Cayenne Graphics SRL

On Sat, Oct 17, 2015 at 11:40 PM, Ivan Markin <twim@riseup.net> wrote:

Ken Keys:
>> > The point is that one can't[*] extract a private key from a smartcard
>> > and because of that even if machine is compromised your private key
>> > stays safe.
> If the machine is going to use the HS key, the actual HS key has to be
> visible to it.

Nope. If the machine is going to use the HS key it can ask a smartcard
to do so. Of course private key is visible to something/someone anyway.
But in case of smartcards it is visible to a smartcard only.

> An encrypted container holding a VM could use RSA-style
> public/private key encryption so that it never has to see the private
> key used to unlock it. You would still need to trust the VM, but the
> encrypted container would allow you to establish a chain of custody.

It's OK to unlock some encrypted block device/VM with some 'unpluggable'
key. But it does nothing to protect your HS' identity.

--
Ivan Markin
/"\
\ / ASCII Ribbon Campaign
X against HTML email & Microsoft
/ \ attachments! http://arc.pasp.de/

_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev